Detection and eradication of malware-based attacks have long been an issue for computing devices both within the infrastructure of a network and at its endpoints. Network devices making up core portions of networks have become increasingly sophisticated in monitoring and analyzing activity occurring throughout a network to determine whether an attack to compromise the security of the network is underway, and in responding to block it. Correspondingly, it has become commonplace to employ anti-malware routines (e.g., anti-virus software) to monitor and analyze activity within a computing device disposed at an endpoint of a network to determine whether an attack to compromise the security of the computing device, and then the network, is underway, and to respond to block it.
However, such efforts to address attacks on networks and attacks on computing devices disposed at endpoints of networks are typically not coordinated. Network devices making up core portions of a network typically exchange information concerning detected activities that may be indicative of an attack on the network, but seldom exchange such information with the computing devices at the endpoints.
This arises in part because the network devices often remain under the direct control of personnel who maintain the network, while the computing devices at the endpoints are usually under the direct control of other persons who use the computing devices and the services of the network, but are not involved in maintaining either. Thus, the computing devices at the endpoints of the network are treated by those who maintain the network as presumably already compromised, such that any information that might be provided by those computing devices to indicate aspects of an attack is treated as unreliable. Indeed, it is common practice for personnel who maintain the network not to bother to obtain such information from endpoint devices, and to ignore any such information that may be received from endpoint devices.